I have been using my Mac and BT5 in Virtual machine up until now. I recently went on a course and for some reason the Virtual Machine would not hold the static IP address what caused me many problems when trying do scans.

So I was thinking of dual booting My mac with another OS and using that as my attacking platform.

Question?What OS do people use ? I have seen a few pen tester use ubuntu and I think this would be my logical choice since I am used to BT.

Does anyone know if you can dual boot ubuntu with a MAC OS?

Or are there other OS that I should look at ?

Also I have seen a lot of pen tester encrypt there hard drive what the best tool to do this ?

I have heard some companies use mac ports with a mac has anyone done this ? if so how easy is it to update tools ?

Jamie.R wrote:Thanks a lot of companies wont let you use Backtrack some can be a little fussy about it.

That's interesting - do you mean companies that engage to you do a pentest against their system or companies that employ you as a pen tester to attack others' systems? I would have thought that, if you are employed as a pen tester to attack a system, it wouldn't matter what tools you used, providing you abided by the agreement in terms of how far you're allowed to penetrate and what you are allowed to do when you have done so.

I use a mix of Win7 VM, SamuraiWTF VM and BT5 baremetal and a couple of CentOS 5 VMs I use for infrastructure support when necessary (like SMTP, FTP, etc). My laptop currently boots with BT5 and VMware Workstation but I also have Ubuntu and Win7 boot disks I can swap out when BT5 gets stupid. All my VM's are also backed up on an external USB 3.0 disk I can run off if need be. I store test data on external http://www.mxisecurity.com/ drives that can be remotely wiped if lost or stolen and I routinely wipe after every major test.

The one hole in my setup is that tool output is not as protected as it should be but I try to move results out of those directories and onto my encrypted drive as quickly as possible and then I shred the unencrypted info. For tools that store in a database format I don't have a great solution, but when possible I will use direct database access to purge sensitive info. Ideally I would store the db on external encrypted drive and redirect application paths to those DB's or use FDE. I just have not gotten that paranoid yet.

In the past, I ran Ubuntu and encrypted my home directory with Truecrypt but I have not set that up yet on my BT5 install. I'm currently looking at some other FDE options. I'm open to ideas. I do have a PGP 10 license I can use for WDE but it does not officially support newer versions of Ubuntu so have held off there. I may just have to pull the trigger and see what happens.